from the cocksure-offending dept

Back in May last year, Techdirt wrote about how the UK police worked in worryingly-close collaboration with the local anti-piracy group, FACT (Federation Against Copyright Theft), effectively becoming its private enforcement squad. As we noted recently, that case has now passed through the UK courts, with Philip Danks receiving 33 months in prison.

The severe sentence is noteworthy, but what's really interesting here is how Danks was tracked down. TorrentFreak has written a fascinating follow-up piece explaining just how easy he made it. Apparently, Danks's online alias in the torrenting scene was TheCod3r. That seems safe enough, revealing nothing about the person behind it. But as TorrentFreak notes, a quick online search for that term brings up a link to someone else using exactly the same nickname, this time on the dating site Plenty of Fish:

Clicking that link on dating site Plenty of Fish (POF) reveals a whole range of information about a person who, at the very least, uses the same online nickname as Danks. There's no conclusive proof that it's the same person, but several pieces of information begin to build a picture.

In his POF profile, Danks reveals his city as being Willenhall, a small town situated in an area known locally as the Black Country. What FACT would've known soon after the movie leaked online was which cinema it had been recorded in. That turned out to be a Showcase cinema, just a few minutes up the road from Willenhall in the town of Walsall.

Danks also seems to have been incredibly reckless on Facebook:

On May 10, 2013, Danks again took to Facebook, this time to advertise that he was selling copies of movies including Robocop and Captain America.

This continued distribution of copyrighted material particularly aggravated the Court at his sentencing hearing this week, with Danks’ behavior being described as "bold, arrogant and cocksure offending."

The TorrentFreak article concludes by making an important point:

While the list of events above clearly shows a catalog of errors that some might even find amusing, the desire of many pirates to utilize the same nickname across many sites is a common one employed by some of the biggest in the game.

Once these and other similar indicators migrate across into real-life identities and activities (and the ever-present Facebook account of course), joining the dots is not difficult -- especially for the police and outfits like FACT. And once that happens, no amount of VPN encryption or lack of logging is going to put the genie back in the bottle.

In other words, these high-profile wins for the copyright industry are not the result of the police making use of surveillance powers, or of clever sleuthing by organizations like FACT. Rather, they are the direct and largely predictable result of the arrogance and stupidity displayed by those breaking the law.

from the government-follies dept

If you haven't yet, you really should watch the video we pointed to recently of Australian Attorney General George Brandis trying to explain his internet data retention plan when it's clear he has no idea how the internet works. It's the one where he's asked if it will track the web pages you visit, and Brandis vehemently insists that it will not, but that it will track the web addresses you visit. Some people have said that perhaps he meant it won't record the actual content on the pages, but just the URL (which might matter if it's dynamic pages), but later in the conversation, he also implies (almost clearly incorrectly) that he means it will just track the top level domains, not the full URLs. Here's a reminder snippet:

Brandis: Well, what we'll be able... what the security agencies want to know... to be retained... is the... is the electronic address of the website that the web user is visiting.

Host: So it does tell you the website.

Brandis: Well... well... it tells you the address of the website.

Host: That's the website, isn't it? It tells you what website you've been to.

Brandis: Well, when... when you visit a website you... you know, people browse from one thing to the next and... and... that browsing history won't be retained or... or... or... there won't be any capacity to access that.

Host: Excuse my confusion here, but if you are retaining the web address, you are retaining the website, aren't you?

Brandis: Well... the... every website has an electronic address, right?

Host: And that's recorded.

Brandis: And... um... whether there's a connection... when a connection is made between one computer terminal and a web address, that fact and the time of the connection, and the duration of the connection, is what we mean by metadata, in that context.

Host: I don't see the difference between that and what website I've visited.

Brandis: Well, when you go to a website, commonly, you will go from one web page to another, from one link to another to another, within that website. That's not what we're interested in.

Host: Okay. So the overarching... if I go to... SkyNews website, it'll tell that, but not necessarily the links within that that I go to?

Brandis: Yes.

While it's a bit of a third hand story, Reason recently did an interview with Australian Senator David Leyonhjelm (who is against data retention, and describes himself as libertarian). Towards the end of the interview, he discusses data retention and tells a very troubling story about how those pushing for data retention had no idea what a VPN is. The story involves a much more knowledgeable government official -- which Gizmodo Australia suspects is Communications Minister Malcolm Turnbull -- demonstrating a VPN and leaving them all dumbfounded:

The other one that's causing a fair bit of grief is a metadata retention plan, the equivalent of what your NSA does. We don't have metadata retention at the moment and the agencies have been saying, "Oh, well we should have it. You can't use it if you haven't got it," sort of thing. But I spoke to one of the ministers last week about this because he does know what "metadata" means—he knows quite a lot about the Internet and how it works—He said to me people who are asking for this data, people who are thinking this is a good idea, actually have no idea what they're asking for. They don't know what they're going to do with it. They don't know what the implications of requiring it are. They haven't really thought this through.

He gave them a demonstration on a VPN [virtual private network] and said, "By my IP address, tell me what you can find out about me now." And they had no idea there was such a thing as a VPN. It indicates to me that these people are not well-informed enough to make these kinds of decisions. As it stands, it may be that the government may only require the Internet companies to store the IP address of the originating Internet use, so they'll know what computer you're from and what IP you're working from, which is not a lot different from keeping a record of the phone you're calling from. So if that's the case, it's probably not going to pose too much alarm. He's a minister and he knows what he's talking about. But he's surrounded by people who don't know what they're talking about who think that they need something more. We don't know yet where this will end up. It does have the potential to be very dangerous.

Now, the story does not make it entirely clear who he's talking about. It could be read to be Brandis or his staff that didn't know about VPNs. Or, much more troubling, it could be read to be the intelligence community -- though I find that hard to believe. Either way, however, it does suggest a sort of blind adherence to the "collect it all" philosophy of intelligence gathering, without any real understanding of the issues or consequences.

from the copyright-makes-you-do-silly-things dept

Last month, we wrote about how the New Zealand ISP Slingshot had started offering what it called "Global Mode" as a standard feature. The ISP realized the simple ridiculousness of geoblocking content, especially since so much content is deemed "unavailable" in New Zealand. So, in response, it basically set its services up so that it disguised where the user was coming from (not unlike many VPN services). This seemed like smart customer service. But, obviously, not everyone is thrilled with it. The local SkyTV is apparently banning ads from Slingshot if they mention Global Mode. Watch SkyTV's spokesperson totally fail to understand the issue:

Sky TV spokeswoman Kirsty Way confirmed the advertisements had been rejected because of their references to Global Mode.

"We are a business that pays people who create television so we are against any form of piracy or the undermining of intellectual property rights," she said.

Except that Global Mode is not piracy, nor does it "undermine intellectual property rights." It merely lets people use the internet in ways to access and pay for authorized content. It actually lets folks in New Zealand do things like pay for Netflix or Hulu -- which they can't do today.

Slingshot's General Manager Taryn Hamilton rightly calls this situation ridiculous, noting that rejecting the ads is "unjustified and petty." It's also fairly counterproductive, given that now Slingshot gets probably more publicity for the service without having to pay the foolish and small-minded folks at SkyTV for the pleasure.

from the gold-medal-inconsistency dept

Aside from a now-traditional lack of enough live coverage, pretty awful commentary, a ridiculous over-abundance of a strangely limited rotation of ads, making Bode Miller cry and Bob Costas' double eye infection, NBC did a pretty good job covering the Winter Olympics, right? NBC certainly believes so, even though it seems that many Americans found NBC coverage so immensely annoying, they went to great lengths to install VPNs so they could watch Canada's version of the games instead.

What has NBC achingly proud, however, is the fact that the company cleverly worked with Olympics officials to prevent viewers from trying to access the games via non-sanctioned NBC streams and online outlets. According to NBC, the company worked to kill off some 45,000 videos of Olympics competition, and an estimated 5,000 live streams (they avoid showing their math or any historical context for those numbers):

"Officials estimate that 20,000 videos of Olympic competition were kept off YouTube, either through filtering technology that prevents them from being posted in the first place or locates and takes them down shortly after they are added. Another 20,000 were stopped from distribution on similar video-sharing sites popular elsewhere in the world, like Dailymotion in Europe or VK.com in Russia, NBC said."

Right, well, good job I guess. The problem is that while NBC was busy waging their proud war on Olympic videos, they were simultaneously engaged in practices that were driving users to those same viewing options. While NBC did offer some live streams on their website, they were largely restricted only to customers that pay for cable, as part of the industry's lame "TV Everywhere" mindset (a mindset that increasingly doesn't seem to be doing much of anything for anybody, including cable). Worse, even some paying TV customers, like those paying for Comcast's new HBO, basic cable and broadband bundle, weren't allowed to watch the streams because they weren't buying expensive enough TV packages.

To hear NBC tell it, this kind of absurd inconsistency in policy is all a perfect example of how when NBC and sanctioned friends work together to be inconsistent, it results in online perfection:

"When all the players in the digital ecosystem cooperate and work together, it is possible to create an online environment in which legitimate commerce thrives, jobs are created and consumers receive content how, when and where they want it," said John McKay, NBC spokesman.

A real gold medal performance all around, NBC. You really stuck the landing.

from the give-the-people-what-they-want dept

Australia has a long and proud history of seeing higher copyright infringement rates, thanks in large part to the country's failure to offer up legitimate, affordable streaming video options. With Netflix officially unavailable Down Under, many viewers there have taken things into their own hands and have started using VPNs to mask their location and subscribe to the service anyway. Cue the rising hysteria from both broadcasters and Australian Netflix competitors, who insist that something has to be done about this flagrant outrage. They're helped by regional paper The Australian, which suggests that these paying users are "pirates":

"Highlighting how the TV networks view these people, an article this morning in News Corp-owned The Australian went as far as labeling subscribers as “pirates”, even though they are paying for the service..."There is concern at local networks about the growing impact of the US company flouting international regulations by accepting payments from Australian credit cards, despite maintaining a geo-block that is easily bypassed by VPN manipulation or spoof IP addresses,” the paper said."

Granted, if companies were delivering what users wanted, this wouldn't even be an issue. In fact, that would seem to be a much easier solution to this "problem." Instead, broadcasters and Australian streaming provider Quickflix (HBO is an 8% owner) seem to think it would make more sense to force Netflix to ban the use of a very common technology that has innumerable uses well outside of just skirting regional limitations. Some users, for example, are finding that VPNs are one (albeit sometimes inefficient) way to bypass some of the annoying new peering feuds erupting here in the States. Still, Quickflix thinks somebody really should force Netflix to start blocking VPNs before the country starts falling apart:

"Quickflix chief executive Stephen Langsford has accused US online streaming service Netflix of turning a blind eye to copyright infringement in order to get a free ride in Australia, as competition heats up in the TV and movie streaming market..."The studios have licensed Netflix to distribute content on particular terms in the US and other larger markets, they haven’t licensed Netflix for Australia. I have no doubt that the studios are in discussions with Netflix about VPNs because it is blatantly in breach of terms and Netflix is essentially getting a free ride into Australia."

It seems like only a matter of time before proxies and VPNs see a renewed focus as public enemy number one by the entertainment industry. Most of the world's graduated response programs, including ours here in the States, can't detect users who are using proxies and VPNs at all. With Australia now contemplating a graduated response program of their own, you can expect the vilification of VPNs to ramp up quickly, even though any laws restricting their use would be met with swift and steep opposition.

Netflix hasn't stated why they've yet to head to Australia, but it's either because they want to prioritize larger international markets, or they're having a hard time securing content licensing from Australian broadcasters. Until Netflix does show up Down Under, Australian cable operators like Foxtel are engaged in the kind of brilliant anti-piracy maneuvers we've grown used to, such as locking down HBO's Game of Thrones in an exclusive streaming and download arrangement. Surely that will stop copyright infringement of what's become the most pirated show on the Internet, right?

from the chilling-effects dept

The full details here aren't clear, but it looks like another "secure" service based in the US has felt the need to shut down over fears about US surveillance efforts compromising actual security. VPN provider CryptoSeal has announced that it's shuttered the service (via Hacker News):

With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced (by design) during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability.

Essentially, the service was created and operated under a certain understanding of current US law, and that understanding may not currently be valid. As we are a US company and comply fully with US law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product.

Specifically, the Lavabit case, with filings released by Kevin Poulsen of Wired.com (https://www.documentcloud.org/documents/801182-redacted-pleadings-exhibits-1-23.html) reveals a Government theory that if a pen register order is made on a provider, and the provider's systems do not readily facilitate full monitoring of pen register information and delivery to the Government in realtime, the Government can compel production of cryptographic keys via a warrant to support a government-provided pen trap device. Our system does not support recording any of the information commonly requested in a pen register order, and it would be technically infeasible for us to add this in a prompt manner. The consequence, being forced to turn over cryptographic keys to our entire system on the strength of a pen register order, is unreasonable in our opinion, and likely unconstitutional, but until this matter is settled, we are unable to proceed with our service.

We encourage anyone interested in this issue to support Ladar Levison and Lavabit in their ongoing legal battle. Donations can be made at https://rally.org/lavabit We believe Lavabit is an excellent test case for this issue.

We are actively investigating alternative technical ways to provide a consumer privacy VPN service in the future, in compliance with the law (even the Government's current interpretation of pen register orders and compelled key disclosure) without compromising user privacy, but do not have an estimated release date at this time.

To our affected users: we are sincerely sorry for any inconvenience. For any users with positive account balances at the time of this action, we will provide 1 year subscriptions to a non-US VPN service of mutual selection, as well as a refund of your service balance, and free service for 1 year if/when we relaunch a consumer privacy VPN service. Thank you for your support, and we hope this will ease the inconvenience of our service terminating.

For anyone operating a VPN, mail, or other communications provider in the US, we believe it would be prudent to evaluate whether a pen register order could be used to compel you to divulge SSL keys protecting message contents, and if so, to take appropriate action.

From this it doesn't sound like the company had been approached by the feds yet, but is doing this in a proactive manner, highlighting the chilling effects of the US government's overreach into online security services.

from the it-depends dept

As Techdirt readers are no doubt well aware, online surveillance laws are undergoing a major revamp across the western world. From Australia to the UK, law enforcement agencies are taking the opportunity to gain unprecedented powers over the data they can monitor, and are blaming the crackdown on everything from illegal file-sharing to terrorists. With western nations becoming increasingly hostile toward the concept of online anonymity, it's not unreasonable to suggest the use of commercial VPNs will likely gain more traction (indeed, there's already some evidence supporting this). But can VPNs really safeguard your privacy today and, in the future, what kind of protection can you expect with the legal landscape changing so rapidly?

It's certainly true all VPNs have the ability to track users and log their data. Many do so because they don't consider themselves privacy services and logging helps identify repeat DMCA infringers and quickly troubleshoot network issues. Others do so seemingly because of a poor grasp of their country's laws.

Of course, anyone concerned about privacy should not sign up to a service that's retaining data. Most privacy-orientated VPNs approach this issue by using a non-persistent log (stored in memory) on gateway servers that only stores a few minutes of activity (FIFO). That time window gives the ability to troubleshoot any connection problems that may appear, but after a few minutes no trace of activity is stored.
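An added example, not IVPN's code: a sketch of the non-persistent FIFO log described above, showing why a later request to map a gateway IP and timestamp back to a user finds nothing. The class and field names, the five-minute window and the sample addresses (documentation ranges) are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    ts: float         # seconds since epoch when the event was seen
    client_ip: str    # subscriber's real address (constructed sample data)
    gateway_ip: str   # VPN gateway address the subscriber was using
    event: str        # troubleshooting detail, e.g. "connect", "tls-error"


class VolatileLog:
    """In-memory FIFO log: nothing is written to disk, and entries
    older than `window` seconds are dropped, oldest first."""

    def __init__(self, window=300.0, max_entries=10_000):
        self.window = window
        # maxlen bounds memory even if traffic spikes inside the window.
        self._entries = deque(maxlen=max_entries)

    def _evict(self, now):
        # Entries are appended in time order, so expired ones sit at the left.
        while self._entries and now - self._entries[0].ts > self.window:
            self._entries.popleft()

    def record(self, now, client_ip, gateway_ip, event):
        self._evict(now)
        self._entries.append(Entry(now, client_ip, gateway_ip, event))

    def recent(self, now):
        """What an operator sees when troubleshooting right now."""
        self._evict(now)
        return list(self._entries)

    def who_used(self, now, gateway_ip, at_ts, tolerance=5.0):
        """The question a trace request asks: which client was behind
        `gateway_ip` at time `at_ts`? Only retained entries can answer."""
        self._evict(now)
        return sorted({e.client_ip for e in self._entries
                       if e.gateway_ip == gateway_ip
                       and abs(e.ts - at_ts) <= tolerance})


def demo():
    log = VolatileLog(window=300.0)
    t0 = 1_000_000.0  # arbitrary constructed start time
    log.record(t0, "198.51.100.7", "192.0.2.10", "connect")
    log.record(t0 + 60, "198.51.100.23", "192.0.2.10", "tls-error")
    log.record(t0 + 240, "198.51.100.7", "192.0.2.11", "connect")

    # Inside the window the operator can still troubleshoot the session.
    during = log.who_used(t0 + 250, "192.0.2.10", at_ts=t0)
    # Just past five minutes the oldest entry is already gone.
    still_held = len(log.recent(t0 + 301))
    # An hour later the same question has no data behind it.
    after = log.who_used(t0 + 3600, "192.0.2.10", at_ts=t0)
    return during, still_held, after


if __name__ == "__main__":
    print(demo())
```

The guarantee only holds if nothing else on the gateway (syslog, flow export, swap, crash dumps) persists the same fields, so those paths need checking as well.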

As you may know, the EU's Data Retention Directive came into effect in 2006, requiring “public communications services” to hold web logs and email logs, amongst other data. IVPN, along with a number of other EU based VPNs, believe our services are excluded from this requirement and we do not abide by it. So far there have been no cases we're aware of compelling VPNs to retain this information. Indeed, from a user perspective, the presence or absence of retention laws seems rather arbitrary, given how many US-based VPNs willingly retain data, despite no government-mandated policy being in place (at least not yet).

When law enforcement and VPNs collide...

So what happens if a law enforcement agency approaches a VPN, serves a subpoena, and demands the company trace an individual, based on the timestamp and the IP address of one of their servers? VPN services, like all businesses, are compelled to abide by the law. However, there is no way of complying with the authorities if the data they require does not exist.

One of the few ways law enforcement could identify an individual using a privacy service, without logs, is if they served the owners a gag order and demanded they start logging the traffic on a particular server they know their suspect is using. We would shut down our business before co-operating with such an order and any VPN serious about privacy would do the same. So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react, your privacy would be protected.

A changing landscape...

But the biggest threat to VPN usage is the changing legal landscape. The waters around the issues presented by VPNs are still being tested and laws may indeed be amended in the future to prevent such services operating in certain jurisdictions. So how do you navigate all this?

In all honesty, there are no easy answers. Picking a host country based on their current laws isn't going to help much in the long term. By far the best measure you can take is to choose a VPN that demonstrates a commitment to user privacy. Examine the company's small print, or, better yet, contact the owners and ask them upfront how far they go to protect your personal data. Ensure the company is committed to keeping users informed of any emerging threats to its service and – before buying any lengthy subscription – make sure the VPN is willing to re-domicile should its host country change any relevant laws.

from the it's-coming dept

Among our many commenters here, we have one "regular" critic who presents himself as being actively involved in "policy circles" in Washington DC, and who was clearly active in the SOPA/PIPA efforts in trying to write those bills and get them passed. This individual provided enough information (along with plenty of insults in our direction) in the comments to make it clear that they were heavily involved -- if at a low level -- in those efforts. As the debate over these bills wore on and people kept pointing out how encryption would make them all moot in the long run, the commenter declared a few times his (or her?) next target: outlawing encryption. This is, of course, laughable. But if someone who is actually connected to that world thinks that it's a viable idea, then you know that it's only a matter of time until someone actually makes a hamfisted attempt at doing something like trying to outlaw VPNs. That this would go against the very same governments' efforts on "internet freedom" is generally ignored. Cognitive dissonance is strong with this crowd.

That said, with countries like the UK proposing legislation to snoop on all communications -- including encrypted ones -- the folks over at TorrentFreak are right to be wondering how long it will be until someone tries to ban VPNs. Some more authoritarian countries have tried to effectively do so already (without much luck), but as our anonymous commenter suggested above, this idea is at least being considered by plenty of so-called democracies as well.

Thankfully, there would be plenty of powerful forces to fight back against any such attempt. Beyond regular internet users speaking out (ala the SOPA/ACTA protests), you'd also have plenty of companies who rely on encryption and VPNs for their efforts to keep people and data safe. Considering Congress is already suggesting that it should get involved in forcing companies to better protect data, it would be ironic (though, not surprising) to then find them also trying to outlaw encryption/VPNs, not realizing that the two things are diametrically opposed to one another.

In the end, I don't see how a war against encryption or VPNs could actually succeed, but it won't mean that efforts in that direction won't be a painful annoyance when they come around. Either way, people should at least be paying attention to these discussions, and trying to educate politicians that encryption and VPNs are necessary parts of a secure internet.

from the simple-questions dept

Last year, we wrote about one of China's chief censors, the creator of the Great Firewall of China, who did an interview where he talked about how important censorship was to protect people -- while also noting that he, himself, had five VPN accounts to get around the Great Firewall... for research purpose only (he promised). I'm reminded of this while reading an interview with a Kuwaiti censor who seems quite proud of her role in keeping horrible content from being consumed by people in Kuwait -- while also talking about how much she gets to learn in reading all this content.

But here’s where the reporter missed a golden opportunity to ask Dalal the one question that you must always ask a censor if you get to meet one: If the content you are censoring is so destructive to the human soul or psyche, how then is it that you are such a well-adjusted person? And Dalal certainly seems like a well-adjusted person. Although the reporter doesn’t tell us much about her personal life or circumstances, Dalal volunteers this much about herself and her fellow censors: “Many people consider the censor to be a fanatic and uneducated person, but this isn’t true. We are the most literate people as we have read much, almost every day. We receive a lot of information from different fields. We read books for children, religious books, political, philosophical, scientific ones and many others.” Well of course you do... because you are lucky enough to have access to all that content! But you are also taking steps to make sure the rest of your society doesn’t consume it on the theory that it would harm them or harm public morals in some fashion. But, again, how is it that you have not been utterly corrupted by it all, Ms. Dalal? After all, you get to consume all that impure, sacrilegious, and salacious stuff! Shouldn’t you be some kind of monster by now?

Thierer goes on to posit that the "Third-Person Effect Hypothesis" explains the issue. It says that "people will tend to overestimate the influence that mass communications have on the attitudes and behavior of others," while assuming, however, that they are somewhat immune to those effects. It's an interesting post, and that question should be used whenever anyone has the pleasure of meeting (or better yet, interviewing) an official government censor.

from the and-so-it-goes dept

This was mostly expected since earlier this year, but the UK's High Court has now ordered a bunch of ISPs to block The Pirate Bay. This is pretty unfortunate, given that we were just talking about how UK-based musician Dan Bull used The Pirate Bay to help him get on the charts. That avenue is about to be closed off to up and coming musicians... all because the legacy recording industry remains too closed-minded to figure out how to adapt and provide consumers what they want. And, of course, the blockade won't even be remotely effective. Lots of people will just use VPNs or proxies to get what they want anyway. Even more ridiculous is that it will hinder perfectly legitimate activity. Just a few weeks ago I was in the UK, and I was doing some research on The Pirate Bay's "Promo Bay." I wouldn't have been able to do that if The Pirate Bay was blocked. I did nothing illegal, and yet the UK courts want to treat it as such. That's sad.